DataLeakTest


DLP Validation, Testing


Updated 9/9/2020


Detection Methods

 

When to use them and what they will do for you

 

Maturity: Phase I: Monitoring

Methods [of Data Detection]:
  • File Properties [type, size, age]
  • Key words, Patterns, dictionaries
  • OCR (Optical Character Recognition) or a more modern term GTA (Graphical Text Analysis)

Policy to Business Mapping:
  • Discovering business processes
  • Early blocking of damaging destinations
  • Data use discovery
  • Data transfer method Discovery
  • Drip DLP monitoring

Risk Reduction: 20%

Typical Accuracy/False positive: 80/20

Maturity: Phase II: Notifications & End user Education

Methods [of Data Detection]:
  • Regular Expressions
  • Lexical analysis
  • Statistical analysis
  • File Tagging
  • OCR (Optical Character Recognition) or a more modern term GTA (Graphical Text Analysis)

Policy to Business Mapping:
  • End user notifications
  • Continued blocking of damaging destinations
  • Destination Awareness
  • Data Source Discovery
  • Data use discovery
  • Data transfer method Control
  • Intro to "Drip DLP" control

Risk Reduction: 50%

Typical Accuracy/False positive: 90/10

Maturity: Phase III: Blocking & Control

Methods [of Data Detection]:
  • File hashing/Fingerprinting
  • Database record hashing/fingerprinting
  • Multi-accuracy/blended policies
  • OCR (Optical Character Recognition) or a more modern term GTA (Graphical Text Analysis)
  • Machine learning

Policy to Business Mapping:
  • End user Education
  • Blocking of bad business processes
  • Source and Destination Control
  • Data Destination Control
  • Data transfer method control
  • Data use control
  • Data Source Control
  • Advanced "Drip DLP" control

Risk Reduction: 80%+

Typical Accuracy/False positive: 95+/5-

 

-Basic pattern matching will get you 20%-40% accuracy out of the box. Refinement to business practices and destination awareness will bring that accuracy up to the 80% mark.

 

-Pattern matching with lexical analysis (word relation), statistical analysis (likelihood measurement), advanced positive and negative dictionaries, and data validation (e.g. a Luhn check for credit cards, or a US Social Security number checked against the Social Security Administration's list of valid SS#s) will get you 40%-60% out of the box (OOB) and 80% once refined. *Look for a product with out-of-the-box policies around Federal and Industry regulations. These policies should cover things like multi-language support, including Chinese double-byte character recognition.

 

 

 Blended Policy Approach to Data Security: As you model your business and define how data is used, make it a point to use at least 2 policy levels:

 

  1. Base Policies - catch interesting events: items that you wouldn't want to raise alarms over, because the policy is also catching many uninteresting items. The data captured will be used in investigations or "Drip DLP".

  2. Critical Event Policies - these are very accurate policies, usually developed in Phase II or III.
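
The two policy levels above, combined with the pattern, dictionary and Luhn validation methods described earlier, as an added example that is not part of the original page or of any DLP product. A card-shaped pattern alone raises a base event; a critical event additionally requires a valid Luhn checksum, a positive-dictionary word nearby and no negative-dictionary word. The regex, both dictionaries, the context window and the sample messages are constructed assumptions.

```python
import re

# Assumed pattern: 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
POSITIVE = {"visa", "mastercard", "card", "cvv", "expiry", "exp"}  # assumed positive dictionary
NEGATIVE = {"tracking", "order", "invoice", "sku"}                 # assumed negative dictionary
WINDOW = 40  # assumed: characters of context inspected on each side of a match

# Constructed sample messages (4111 1111 1111 1111 is a well-known test number).
SAMPLES = [
    "Please charge my Visa card 4111 1111 1111 1111, exp 09/25",
    "Order tracking number 4111111111111111 shipped today",
    "Reference 1234 5678 9012 3456 for the visa card",
]


def luhn_ok(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str):
    """Return a list of (policy_level, masked_number) events for one message."""
    events = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW].lower()
        words = set(re.findall(r"[a-z]+", context))
        masked = "*" * (len(digits) - 4) + digits[-4:]  # never log the full number
        # Critical: validated data plus supporting context. Everything else stays
        # a base event, kept for investigations and drip analysis, not alarms.
        if luhn_ok(digits) and words & POSITIVE and not words & NEGATIVE:
            events.append(("critical", masked))
        else:
            events.append(("base", masked))
    return events


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```
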

 

 

 

Context awareness, or destination awareness, means the ability to look at the destination of your data and make some really easy decisions. Botnets and keyloggers are a great example. Regardless of the data, why would you let it go to a keylogger or botnet? That should be a transaction you can immediately block without stopping business, instantly lowering data risk and drastically increasing security posture without the risk of breaking a business process. Knowing the context of the data becomes key to implementing Data Security. *Look for a Data Security tool that integrates closely with a Web Security/malware tool.